City of Spring Hill (TN) attacked by Ransomware

Local authorities in Spring Hill (Tennessee) state that the city was attacked by a ransomware virus on Friday, November 3.

Jamie Page who is the City spokesman said that one of the city’s employees opened a malicious email and clicked on its attachment. Right after that all city’s servers were infected and locked down.

Once the computer network was encrypted, a ransom note appeared that demanded 250,000 USD to unlock the data.

The city authorities are not sure who is demanding the ransom. City refused to send any money to hackers.

The ransomware virus locked out all city employees from the email system. It was also impossible to process online payments. People could not pay their court fines, utility bills, business licenses via debit or credit cards. All who need to pay to the city could use mail checks only. The city’s IT department is currently rebuilding the computer system from backups.

In spite of such a serious cyber attack, Jamie Page proclaimed the city was not hacked. City officials say no personal information was stolen and no customer account info was compromised.

It is good that IT personnel are able to restore the servers from backups. In many cases, government institutions lack recent backups when facing such attacks. There is a dozen of cases when police departments had to pay the ransom because of that.

Another issue is that in all similar attacks, city official state no data was stolen or compromised. Any cybersecurity expert would question such words. Hackers managed to penetrate the servers. There is no guarantee they had not copied any data prior to encrypting it. Why would not they? It is now a common trend among hackers to mask data stealers as a ransomware. Nobody can analyze what is inside as all files are encrypted and virus self-destroyed.